Any progress with https/http issue? ....@GCAdmim1 | Page 2 | The Canadian Guitar Forum

Any progress with https/http issue? [email protected]

Discussion in 'Admin Announcements and Site Help' started by greco, Feb 25, 2019.

  1. cboutilier

    cboutilier

    Joined:
    Jan 12, 2016
    Location:
    Halifax, NS
    This issue is a serious pain in the dick.
     
  2. Dorian2

    Dorian2

    Joined:
    Jun 9, 2015
    Location:
    Edmonton, AB
  3. GCAdmin1

    GCAdmin1 Administrator

    Joined:
    Aug 16, 2016
    So this issue... there was some confusion. Apparently, this is done by design, but not strictly by choice. When a site has a SSL certificate, and a non-SSL site attempts to communicate with it, most browsers shut down the communication as a security feature. Chrome and Firefox are prime examples of this behavior and it's why images from non secure sites won't show here anymore.

    We've started (and this part is new to me which is why I didn't say before) to force ALL links to be https. This bug was actually a feature. We're doing so for 2 reasons. First, leaving insecure communication avenues on the site is a security hole, and second, I'm told that Chrome and other browsers will soon start blocking non secure sites, so we're doing this ahead of the change.

    Bottom line: the links on site will continue to be loaded https. Sorry for taking so long to come to the conclusion

    Kevin
     
    Dorian2, KapnKrunch and greco like this.
  4. KapnKrunch

    KapnKrunch Gold Member

    Joined:
    Jul 13, 2016
    Location:
    Yes
    Is there any chance that "insecure" simply means "not us".

    Sorry to suspect conspiracy, but big-fish-eat-little-fish seems to be the standard business model these days.

    Correct me, I know nothing.
     
  5. GCAdmin1

    GCAdmin1 Administrator

    Joined:
    Aug 16, 2016
    No. Or at least.... it's not a conspiracy on our part. If Google has ulterior motives I can't prove them, but they really led the charge on HTTPS conversion. The threat of getting your site demoted in Google Search rankings is not taken lightly

    But really it's just meant to make things more secure. Less chance of anything being stolen if all communication is encrypted

    Kevin
     
    Dorian2 likes this.
  6. LexxM3

    LexxM3 Gold Member

    Joined:
    Oct 12, 2009
    Location:
    Waterloo, ON
    Here is what I am offering the VS core IT team instead of the approach they've taken here:

     
    jb welder likes this.
  7. Dorian2

    Dorian2

    Joined:
    Jun 9, 2015
    Location:
    Edmonton, AB
    Guys....just google Secure Socket Layer. It's an old security technology that a vast majority of sites use for all sorts of reasons. SSL is all tied into Certificates (CA) that are required on the specific ports used on secure transactions and such. What I just mentioned is extremely simplistic and pared down because no one really has to know this unless you're Administering a network either publicly or privately. So take it for what it is.

    @LexxM3 , thanks a bunch. I 've been out of the game for too long to even remember how to setup an AD in an MS environment....never mind the tech you're talking about...haha.
     
  8. GCAdmin1

    GCAdmin1 Administrator

    Joined:
    Aug 16, 2016
    Talked with techs. We don't force the non-sll links to be HTTPS as a way of protecting you guys, but as a way to protect the site. With how our SSL works, even having the HTTP links on the site invalidates our own security certificate. Having that "are you sure?" message wouldn't be a sufficient block in the communication to get around that hurdle.

    Kevin
     
    Dorian2 and greco like this.
  9. greco

    greco Gold Member

    Joined:
    Jul 15, 2007
    Location:
    Kitchener, Ontario
    @GCAdmin1 I don't understand the specifics of this but I appreciate all that is being done to eliminate the frustration for the user.

    @LexxM3 Thanks for all the time and energy you have put into helping with this.
     
  10. LexxM3

    LexxM3 Gold Member

    Joined:
    Oct 12, 2009
    Location:
    Waterloo, ON
    Thanks for the info. I don’t run your systems so I can’t comment on that level of detail with any precision, but with all due respect, the approach you’ve taken is wrong simply because it breaks the forum and it breaks the internet. Focus on security is a nobble cause, but not “at all cost” when it kills the baby in the bath. You need to go back to the drawing board, as “simple” as that.
     
  11. GCAdmin1

    GCAdmin1 Administrator

    Joined:
    Aug 16, 2016
    I'll pass the sentiments on.

    Kevin
     

Share This Page